Cisco IOS and IOS XE Software Multiple Remote Code Execution Vulnerabilities
by CIRT Team
Description: The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP – Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the affected system or cause the affected system to reload.
Impact: An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts may result in a denial of service condition; this can result in the attacker gaining complete control of the affected system.
These issues are being tracked by Cisco Bug IDs-CSCve54313,CSCve57697,CSCve60276,CSCve60376,CSCve60402,CSCve60507,CSCve66540,CSCve66601,CSCve66658,CSCve78027,CSCve89865.
Mitigation: Updates are available. Please check specific vendor advisory for more information.